
IPsec tunnel for "all traffic but"...

Hello.


Let's say I have a remote site with a fiber connection to the internet.
And a central site that is actually in a datacenter.

At the remote site, I have an XG105 and in the central site it's an XG virtual appliance.

Currently, we have an IPsec tunnel between the XG105 and the XG virtual appliance, with an "any-to-any" rule.
The IPsec connection on the remote site is set up with "any" as "Remote Subnets".
This works great (all traffic goes into the tunnel, including internet traffic; web filtering happens in the datacenter, etc.).

Now, we'd like a little change: we'd like some traffic (VoIP traffic) to go out to the internet immediately from the XG105.
We don't want it to go in the tunnel anymore.

I tried to add a corresponding firewall rule on the XG105 that does it.
Obviously this rule is before the LAN-to-VPN rule (it's the first rule in the rule set).
It doesn't work: the traffic is not "intercepted" by the firewall rule and still goes into the tunnel.

So I guess I have to change the "Remote Subnets" as defined in the IPsec Connection.

How can I do that?
I'd like to define an "any but a couple of IPs" (VoIP servers) subnet.

Any hint (or a different way to address the problem) would be appreciated.
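An "any but these hosts" selector cannot be typed as a single subnet, but it can be expanded into the positive list of CIDR blocks that together cover everything except the excluded hosts, which is the usual way to express an exclusion on a device that only accepts remote subnets. The script below is an added example (not from this thread and not Sophos code); it assumes the IPsec connection accepts several remote-subnet entries, and the VoIP addresses in it are constructed placeholders.

```python
import ipaddress
from typing import Iterable, List

def any_but(excluded: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Expand "any, except these hosts/networks" into the positive list of
    IPv4 prefixes that cover 0.0.0.0/0 minus every excluded entry.
    Entries may be single addresses ("10.10.10.10") or CIDR blocks
    ("2.2.2.0/24")."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for item in excluded:
        hole = ipaddress.ip_network(item, strict=False)
        carved: List[ipaddress.IPv4Network] = []
        for net in remaining:
            if net.subnet_of(hole):
                # The whole block lies inside the exclusion: drop it.
                continue
            if hole.subnet_of(net):
                # address_exclude yields the minimal set of prefixes that
                # cover `net` with `hole` removed (one sibling per bit).
                carved.extend(net.address_exclude(hole))
            else:
                carved.append(net)
        remaining = carved
    return sorted(remaining)

def routed_into_tunnel(selectors: Iterable[ipaddress.IPv4Network], address: str) -> bool:
    """Mimic the selector match: True if the destination falls inside any
    remote-subnet entry and would therefore be sent through the tunnel."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in selectors)

if __name__ == "__main__":
    # Constructed exclusion list: the /24 quoted in the thread plus one
    # hypothetical VoIP server address; neither is a real site's addressing.
    voip_exclusions = ["2.2.2.0/24", "198.51.100.10"]
    selectors = any_but(voip_exclusions)
    print(f"{len(selectors)} remote-subnet entries replace 'Any':")
    for net in selectors:
        print("  ", net)
    # 2.2.2.7 stays off the tunnel, 8.8.8.8 still goes through it.
    print(routed_into_tunnel(selectors, "2.2.2.7"),
          routed_into_tunnel(selectors, "8.8.8.8"))
```

Each excluded /32 adds up to 32 prefixes (and as many traffic selectors on the tunnel), so the list grows fast; whether the appliance accepts that many entries per connection is an assumption to check before relying on it.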



  • I'm looking for the same thing! It appears that in the VPN setup there is no way to exclude networks or devices from the VPN tunnel. What we need is something like this:

    Remote Subnet: Any

    Exclude Source: PC 10.10.10.10 or 10.10.10.0/24 - If you didn't want the PC or the entire network to go over the tunnel

    Exclude Destination: 2.2.2.0/24 - So if it sees traffic destined to 2.2.2.0/24 it excludes it from the tunnel

    Make sense?

    Sad that it's not already there because I'd say it's a pretty basic feature.

    Be sure to submit a feature request so we can get some exposure on this!

    -Rogue
